The Wordfence team reports at least 130 million attacks were detected between May 29 to May 31, 2020. The attacks were intended to harvest a website’s database credentials by downloading the configuration files.

Most of the attacks were targeted at the vulnerabilities in outdated plugins and/or themes that allow files to be downloaded or exported.

To confirm whether your website has been compromised, check your server logs and look for any entries containing wp-config.php in the query string that returned a 200 response code.

Here are the top 10 attacking IP addresses in this campaign:

200.25.60.53
51.255.79.47
194.60.254.42
31.131.251.113
194.58.123.231
107.170.19.251
188.165.195.184
151.80.22.75
192.254.68.134
93.190.140.8

Sites running the Wordfence plugin should be safe from these attacks. If you believe your website has been compromised, change your database password, and authentication unique keys and salts immediately.

For more information please check the official public release.

Beyond that, it is strongly recommended to update your themes and plugins to their latest versions and ensure that your host is using the latest stable version of PHP.

---

If you have questions, don’t hesitate to contact our support team.

WooCommerce 4.2 release

WooCommerce 4.2 is now available. In development since April 2020, it has about 294 commits from 28 contributors.

This is a backwards-compatible minor release focusing on stability and performance.

For more information, please check the official public release.

Storefront 2.5.7 release 

Storefront 2.5.7 has been tagged for release and uploaded to WordPress.org.

This is a small maintenance release.

For more information, please check the official public release.

---

These are minor releases so there’s no need for an immediate update. But if you have existing issues with WooCommerce and/or Storefront, you may update whenever suitable. Make sure to do thorough testing after.

---

If you have questions, don’t hesitate to contact our support team

Several vulnerabilities were previously discoverd on the plugin Page Builder: PageLayer – Drag and Drop website builder, a WordPress plugin actively installed on over 200,000 websites. This marks another Page Builder plugin with vulnerabilities found in the last few months.

One flaw allows any subscriber-level and above user the ability to update/modify posts with malicious content, while another flaw allows attackers to forge malicious requests on behalf of a site’s administrator to modify the settings of the plugin. These are considered critical security issues with severe potential implications.

For websites at risk, it is recommended to run a server-side scan to monitor the filesystem for changes so that presence of any malware can be detected.

Beyond that, it is recommended to update your themes and plugins to their latest versions and ensure that your host is using the latest stable version of PHP. The latest version (1.1.4) of the Pagelayer plugin has already been patched for these issues.

For more information please check the official public release.

---

If you have questions, don’t hesitate to contact our support team.

During a recent investigation, the team at Sucuri have identified malware that collects sensitive data currently spreading to target WooCommerce websites in compromised hosting environments.

The malware is spread via an ongoing wave of exploits against vulnerable WordPress plugins. Check here for the list of plugins: https://labs.sucuri.net/vulnerabilities-digest-april-2020/

For more information please check the official public release.

For websites at risk, it is recommended to run a server-side scanner that can monitor the filesystem for changes so that the presence of the malware is detected.

Beyond that, it is recommended to update your themes and plugins to their latest versions and ensure that your host is using the latest stable version of PHP.

---

If you have questions, don’t hesitate to contact our support team.

A vulnerability in the plugin Site Kit by Google, a WordPress plugin installed on over 400,000 sites, was discovered last month. Site Kit is the all-in-one solution to integrate a WordPress website with the critical Google tools.

The flaw enables attackers to obtain owner access for the website’s Google Search Console property.

The developers have since released an update to patch this issue, but outdated plugins (1.7.1 and older) are still at risk.

For more information please check the official public release.

---

If you have questions, don’t hesitate to contact our support team.